Failover routing between 2 gateways

routing pfsense vyatta

Vyatta supports VRRP, or Virtual Router Redundancy Protocol. This lets two Vyatta routers share a single IP address. To set it up, you assign a priority value to each router. Once enabled, the router with the highest priority claims the shared IP address. If that box drops offline, then the other router determines that it now has top priority, and takes over the IP address.

We've used VRRP with Vyatta in production for a couple of years now, and it's worked very well. We use it for a NAT setup that doesn't have any incoming connections, so it just shares the internal LAN gateway IP (192.168.1.1). If you have incoming connections too, you could share both the LAN IP and the WAN IP.

I don't know that this will help prevent a DoS attack, but it certainly should help avoid problems after typical hardware and software crashes.

There's more information in the High Availability manual on the Vyatta site.


VRRP is the protocol designed for this purpose.

Note that the same idea is called CARP in the BSD world (so you will only find CARP in pfSense).

Related

What is the difference between ‘On + ing ‘ and ‘ing ‘?
How to limit log file size in Apache2
If only had I known it! / If only I had known it!
How to migrate from regular MySQL to Percona Server in production?
Apache Error: Symbolic link not allowed or link target not accessible
Alternative word for "curated content"
Server displays wrong UTC time
Is there a difference in meaning between "I'll be there for 7pm" and "I'll be there at 7pm"?
Allow iptables to allow ip range only on specifc port
What is the word to describe the set of correct answers to a test? [closed]
How "unless" and "until" affect the structure and meaning of a complex sentence
Is "looking to" considered proper English?